Plugin::UserAuth: delete sensitive data from User object

author hylom <hylom@users.sourceforge.jp>

Wed, 31 Oct 2018 12:02:22 +0000 (21:02 +0900)

committer hylom <hylom@users.sourceforge.jp>

Wed, 31 Oct 2018 12:02:22 +0000 (21:02 +0900)
author hylom <hylom@users.sourceforge.jp>
Wed, 31 Oct 2018 12:02:22 +0000 (21:02 +0900)
committer hylom <hylom@users.sourceforge.jp>
Wed, 31 Oct 2018 12:02:22 +0000 (21:02 +0900)
diff --git a/src/newslash_web/lib/Newslash/Plugin/UserAuth.pm b/src/newslash_web/lib/Newslash/Plugin/UserAuth.pm

index 0b88b3c..a7502e7 100644 (file)
--- a/src/newslash_web/lib/Newslash/Plugin/UserAuth.pm
+++ b/src/newslash_web/lib/Newslash/Plugin/UserAuth.pm
@@ -44,6 +44,12 @@ sub register {
                                        24 => srcid($remote_ip, 24),
                                        32 => srcid($remote_ip, 32),
                                       };
+
+                   # delete private informations
+                   delete $user->{passwd};
+                   delete $user->{newpasswd};
+                   delete $user->{newpasswd_ts};
+
                     if ($user->{is_login}) {
                         $user->{messages} = $c->kvs->cache("messages:$user->{uid}",
                                                            60,
author	hylom <hylom@users.sourceforge.jp>
	Wed, 31 Oct 2018 12:02:22 +0000 (21:02 +0900)
committer	hylom <hylom@users.sourceforge.jp>
	Wed, 31 Oct 2018 12:02:22 +0000 (21:02 +0900)